You will need to contact Octorate for this Step and prepare to devel a flow that will require some time and some mails, is not always possible to access the credit cards (it depends on how much data you can process).
A good security for credit cards would involve to have a separate area to store the credit cards and avoid to persist them in the normal datastore since this would means that a security breach may involve in plain credit card details revelead.
This must be done according to the PCI standards, where we you will have some special methods to process the card, reveal their details only to the property and execute actions, always without knowing the credit card details.
Requirement: You will need a static (or a range) of IPs to use this service, that you have to agreed with Octorate.In this process there a 4 or 5 parts involved
In order to process this credit card, you must apply to a special procedures that would allow us to verify your identity and to give you the new documentation to execute this process.
Unfortunately at this stage we are not able to give the credit cards to all our actors, so this application according to the volume of transaction you expect to process may be rejected.
The token that you need to use inside this process is reported inside the json reservation in the path $.card.token
In order to process payments in Europe, you need to be ready to support the SCA authentication process where the customer may not be inside your system when the authentication of the payments is required. Authentication is the process where the banks wants to send the sms to the customer to check if he’s aware of the transaction.
This process is explained in the documentation we can provide, plan extra time to handle these cases
Take also in consideration that sometimes, some OTAs to elude this process, may send to hotel virtual cards issued by them. In this case, take have a look to $.card.cardVirtual boolean value, since these cards are usually restricted in time and amount.
In case you want to see the credit cards we expect you to do this step:
1.Create the credit card account to the customer, in order to choose the password to see the credit cards using the provided documentation (Only once)
2.Read the reservation details and persist the credit card token inside your system
3.Using the secret api, create a link to see the details of the credit card
4.Using an iframe you can embed this link, customer will need to enter the secret code to see the credit card details.
In case you want to execute some payment, you will need to connect to a processor.
The flow to connect to the processor and retrieve the credentials may vary according to each processor but the way to process after the payments is always the same:
1.Ask through the api to create a customer inside the processor
2.Ask to debit a define amount inside this processor
3.Register the transaction details inside your system
Note: Is not always possible to store the card inside the processor, some processor may require to execute the payment once and then the credit card is “consumed”.
In case you want to send the credit card to us, you will need to send the credit card to a specific endpoint.
The format of the request is defined inside our API in the section “Reservation”→”Add Card”.